@lockzero/railway-lockzero

@lockzero/railway-lockzero

Sync secrets from your LockZero vault into Railway service variables via the Railway GraphQL API.

Installation

npm install -g @lockzero/railway-lockzero

Or use npx:

npx @lockzero/railway-lockzero sync --help

CLI Usage

lockzero-railway sync \
  --lz-key      lz_live_... \
  --railway-token <your-railway-token> \
  --project     <railway-project-id> \
  --service     <railway-service-id> \
  --namespaces  openai,stripe \
  --environment production \
  --prefix      ""

Options

Flag	Required	Default	Description
--lz-key	Yes*	LOCKZERO_API_KEY env	LockZero API key
--railway-token	Yes*	RAILWAY_TOKEN env	Railway API token from railway.app/account/tokens
--project	Yes	—	Railway project ID
--service	Yes	—	Railway service ID
--namespaces	Yes	—	Comma-separated LockZero namespaces
--environment	No	production	Railway environment name or ID
--prefix	No	""	Prefix for injected variable names

*Can also be set via environment variable.

Programmatic API

import { syncToRailway } from "@lockzero/railway-lockzero";

const result = await syncToRailway({
  lzApiKey:     "lz_live_...",
  railwayToken: "your-railway-token",
  projectId:    "abc123",
  serviceId:    "def456",
  namespaces:   ["openai", "stripe"],
  environment:  "production",
  prefix:       "",
});

console.log(`Synced ${result.synced} variables`);

Railway Template (one-click deploy)

Click Deploy on Railway to spin up a scheduled sync job:

Set these environment variables in Railway after deploy:

Variable	Description
LOCKZERO_API_KEY	Your LockZero API key
RAILWAY_TOKEN	Railway API token
RAILWAY_PROJECT	Target project ID
RAILWAY_SERVICE	Target service ID
LZ_NAMESPACES	Comma-separated namespace list

Getting a Railway Token

• Go to https://railway.app/account/tokens
• Create a new token with Full Access.
• Use it as --railway-token or RAILWAY_TOKEN.